Privilege Escalation via Incorrect Group ID Restoration in pam_fscrypt

Privilege Escalation via Incorrect Group ID Restoration in pam_fscrypt

CVE-2018-6558 · MEDIUM Severity

AV:N/AC:M/AU:S/C:N/I:P/A:P

The pam_fscrypt module in fscrypt before 0.2.4 may incorrectly restore primary and supplementary group IDs to the values associated with the root user, which allows attackers to gain privileges via a successful login through certain applications that use Linux-PAM (aka pam).

Learn more about our Cis Benchmark Audit For Distribution Independent Linux.